Fibratus is a tool which is able to capture the most of the Windows kernel activity – process/thread creation and termination, context switches, file system I/O, registry, network activity, DLL loading/unloading and much more.
The kernel events can be easily streamed to a number of output sinks like AMQP message brokers, Elasticsearch clusters or standard output stream.
You can use filaments (lightweight Python modules) to extend it with your own arsenal of tools and so leverage the power of the Python’s ecosystem.
Also Read : Crashcast-Exploit : Tool To Mass Play YouTube Video, Terminate Apps & Rename Chromecast Device
Download the latest release (Windows installer). The changelog and older releases can be found here.
Alternatively, you can get it from PyPI.
kstreamc extension). Make sure to export the VS100COMNTOOLS environment variable so it points to %VS140COMNTOOLS%.pip install Cython >=0.23.4.pip install fibratus
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…